On Fri, 10 Nov 2006 17:27:46 -0300 "Oliver Schulze L." <oliver@xxxxxxxxxxxxx> wrote: > Andreas Gohr wrote: > > There your hard coded letters would have failed in the same way. > > > Hi Andi, > You should put the coded letter in $_SESSION[], not in a public place. I needed a solution without sessions or cookies, the public place wasn't the problem - I used encryption for that. The problem was the replayability but I fixed that as well by making sure a captcha can only be used once (by utting it into a unique index column with the comments). Anyway - thats completely offtopic. I just told the story as an example of a "clever spammer". Andi -- http://www.splitbrain.org